Default elements for Inspection Policy elements
Default Inspection Policy elements are introduced when you import and activate a dynamic update package. The rules in the Inspection Policy Templates can change when you activate new update packages.
To customize inspection, you must have a custom Inspection Policy element. The predefined templates are a good starting point for your own customization.
Note: Keeping your system up to date with latest dynamic updates is an essential part of maintaining your Inspection Policy elements.
Template | Description |
---|---|
No Inspection Policy | Suitable for Firewall deployments, in which only packet filtering is needed. Disables deep packet inspection. |
Medium-Security Inspection Template | For Firewalls, Layer 2 Firewalls, inline IPS deployments in asymmetrically routed networks, and IPS deployments in IDS mode. Terminates reliably identified attacks and logs Situations that have some degree of inaccuracy. Low risk of false positives. |
High-Security Inspection Template | For Firewall, Layer 2 Firewall, and inline IPS use. Extended inspection coverage and evasion protection. Not for asymmetrically routed networks. Terminates reliably identified attacks, and Situations that have some inaccuracy. Moderate false positive risk. |
Customized High-Security Inspection Policy | This policy is an example of a highly customized Inspection Policy for network environments in which unconditional inspection coverage and evasion protection are required. The risk of false positives is high in production use. |